bakery-ia/infrastructure/platform/mail/mailu-helm/configs/mailersend-credentials-secret.yaml

# MailerSend SMTP Credentials Secret for Mailu
#
# This secret stores MailerSend credentials for outbound email relay.
# Mailu uses MailerSend as an external SMTP relay to send all outbound emails.
#
# ============================================================================
# HOW TO CONFIGURE:
# ============================================================================
#
# 1. Go to https://accounts.mailersend.com/signup and create an account
#
# 2. Add and verify your domain:
#    - For dev: bakery-ia.dev
#    - For prod: bakewise.ai
#    - Go to Email -> Domains -> Add domain
#    - Follow the DNS verification steps (add TXT records)
#
# 3. Generate SMTP credentials:
#    - Go to Email -> Domains -> Click on your domain
#    - Go to SMTP section
#    - Click "Generate new user"
#    - Save the generated username and password
#
# 4. Note your SMTP credentials:
#    - SMTP hostname: smtp.mailersend.net
#    - Port: 587 (TLS/STARTTLS)
#    - Username: generated by MailerSend (e.g., MS_xxxxxx@trial-xxxxx.mlsender.net)
#    - Password: generated SMTP password
#
# 5. Replace the placeholder values below with your credentials
#
# 6. Apply this secret:
#    kubectl apply -f mailersend-credentials-secret.yaml -n bakery-ia
#
# ============================================================================
# IMPORTANT NOTES:
# ============================================================================
#
# - MailerSend requires TLS 1.2 or higher (supported by default)
# - SMTP credentials are account-wide (work for any verified domain)
# - Free tier: 3,000 emails/month (12,000 with verified domain)
# - Rate limit: 120 requests/minute
#
# ============================================================================
# CRITICAL: AFTER UPDATING THIS SECRET
# ============================================================================
#
# Mailu's Postfix reads SASL credentials ONLY at pod startup. It does NOT
# automatically reload when this secret changes. You MUST do one of:
#
# Option 1: Update the credentials-version annotation in values.yaml and run helm upgrade
#   - Edit prod/values.yaml: postfix.podAnnotations.credentials-version
#   - Set to current timestamp: date +%s
#   - Run: helm upgrade mailu mailu/mailu -f values.yaml -f prod/values.yaml -n bakery-ia
#
# Option 2: Manually restart Postfix pod
#   kubectl rollout restart deployment/mailu-postfix -n bakery-ia
#
# Option 3: Delete the Postfix pod (it will be recreated)
#   kubectl delete pod -l app.kubernetes.io/component=postfix -n bakery-ia
#
# ============================================================================
# DNS RECORDS REQUIRED FOR MAILERSEND:
# ============================================================================
#
# Add these DNS records to your domain (Cloudflare) for proper email delivery:
#
# 1. SPF Record (TXT):
#    Name: @
#    Value: v=spf1 include:mailersend.net ~all
#
# 2. DKIM Records (TXT):
#    MailerSend will provide DKIM keys after domain verification
#    Typically: mlsend._domainkey and mlsend2._domainkey
#    (check your MailerSend domain settings for exact values)
#
# 3. DMARC Record (TXT):
#    Name: _dmarc
#    Value: v=DMARC1; p=quarantine; rua=mailto:admin@bakewise.ai
#
# 4. MX Records (for receiving mail via Mailu):
#    Priority 10: mail.bakewise.ai
#
# 5. A Record:
#    Name: mail
#    Value: <your-server-public-IP>
#
# ============================================================================
---
apiVersion: v1
kind: Secret
metadata:
  name: mailu-mailersend-credentials
  namespace: bakery-ia
  labels:
    app: mailu
    component: external-relay
  annotations:
    description: "MailerSend SMTP credentials for Mailu external relay"
type: Opaque
stringData:
  # ============================================================================
  # REPLACE THESE VALUES WITH YOUR MAILERSEND CREDENTIALS
  # ============================================================================
  # Key names match Mailu Helm chart defaults (relay-username, relay-password)
  #
  relay-username: "MS_d34ZtW@bakewise.ai"
  relay-password: "mssp.Z6GRHQ8.zr6ke4nvq6egon12.IDyvEi7"
Fix resources isues 8 2026-01-22 12:31:10 +01:00			`# MailerSend SMTP Credentials Secret for Mailu`
			`#`
			`# This secret stores MailerSend credentials for outbound email relay.`
			`# Mailu uses MailerSend as an external SMTP relay to send all outbound emails.`
			`#`
			`# ============================================================================`
			`# HOW TO CONFIGURE:`
			`# ============================================================================`
			`#`
			`# 1. Go to https://accounts.mailersend.com/signup and create an account`
			`#`
			`# 2. Add and verify your domain:`
			`# - For dev: bakery-ia.dev`
			`# - For prod: bakewise.ai`
			`# - Go to Email -> Domains -> Add domain`
			`# - Follow the DNS verification steps (add TXT records)`
			`#`
			`# 3. Generate SMTP credentials:`
			`# - Go to Email -> Domains -> Click on your domain`
			`# - Go to SMTP section`
			`# - Click "Generate new user"`
			`# - Save the generated username and password`
			`#`
			`# 4. Note your SMTP credentials:`
			`# - SMTP hostname: smtp.mailersend.net`
			`# - Port: 587 (TLS/STARTTLS)`
			`# - Username: generated by MailerSend (e.g., MS_xxxxxx@trial-xxxxx.mlsender.net)`
			`# - Password: generated SMTP password`
			`#`
			`# 5. Replace the placeholder values below with your credentials`
			`#`
			`# 6. Apply this secret:`
			`# kubectl apply -f mailersend-credentials-secret.yaml -n bakery-ia`
			`#`
			`# ============================================================================`
			`# IMPORTANT NOTES:`
			`# ============================================================================`
			`#`
			`# - MailerSend requires TLS 1.2 or higher (supported by default)`
			`# - SMTP credentials are account-wide (work for any verified domain)`
			`# - Free tier: 3,000 emails/month (12,000 with verified domain)`
			`# - Rate limit: 120 requests/minute`
			`#`
			`# ============================================================================`
Fix issues 7 2026-01-23 21:42:31 +01:00			`# CRITICAL: AFTER UPDATING THIS SECRET`
			`# ============================================================================`
			`#`
			`# Mailu's Postfix reads SASL credentials ONLY at pod startup. It does NOT`
			`# automatically reload when this secret changes. You MUST do one of:`
			`#`
			`# Option 1: Update the credentials-version annotation in values.yaml and run helm upgrade`
			`# - Edit prod/values.yaml: postfix.podAnnotations.credentials-version`
			`# - Set to current timestamp: date +%s`
			`# - Run: helm upgrade mailu mailu/mailu -f values.yaml -f prod/values.yaml -n bakery-ia`
			`#`
			`# Option 2: Manually restart Postfix pod`
			`# kubectl rollout restart deployment/mailu-postfix -n bakery-ia`
			`#`
			`# Option 3: Delete the Postfix pod (it will be recreated)`
			`# kubectl delete pod -l app.kubernetes.io/component=postfix -n bakery-ia`
			`#`
			`# ============================================================================`
Fix resources isues 8 2026-01-22 12:31:10 +01:00			`# DNS RECORDS REQUIRED FOR MAILERSEND:`
			`# ============================================================================`
			`#`
			`# Add these DNS records to your domain (Cloudflare) for proper email delivery:`
			`#`
			`# 1. SPF Record (TXT):`
			`# Name: @`
			`# Value: v=spf1 include:mailersend.net ~all`
			`#`
			`# 2. DKIM Records (TXT):`
			`# MailerSend will provide DKIM keys after domain verification`
			`# Typically: mlsend._domainkey and mlsend2._domainkey`
			`# (check your MailerSend domain settings for exact values)`
			`#`
			`# 3. DMARC Record (TXT):`
			`# Name: _dmarc`
			`# Value: v=DMARC1; p=quarantine; rua=mailto:admin@bakewise.ai`
			`#`
			`# 4. MX Records (for receiving mail via Mailu):`
			`# Priority 10: mail.bakewise.ai`
			`#`
			`# 5. A Record:`
			`# Name: mail`
			`# Value: <your-server-public-IP>`
			`#`
			`# ============================================================================`
			`---`
			`apiVersion: v1`
			`kind: Secret`
			`metadata:`
			`name: mailu-mailersend-credentials`
			`namespace: bakery-ia`
			`labels:`
			`app: mailu`
			`component: external-relay`
			`annotations:`
			`description: "MailerSend SMTP credentials for Mailu external relay"`
			`type: Opaque`
			`stringData:`
			`# ============================================================================`
			`# REPLACE THESE VALUES WITH YOUR MAILERSEND CREDENTIALS`
			`# ============================================================================`
Fix issues 7 2026-01-23 21:42:31 +01:00			`# Key names match Mailu Helm chart defaults (relay-username, relay-password)`
Fix resources isues 8 2026-01-22 12:31:10 +01:00			`#`
Fix issues 7 2026-01-23 21:42:31 +01:00			`relay-username: "MS_d34ZtW@bakewise.ai"`
			`relay-password: "mssp.Z6GRHQ8.zr6ke4nvq6egon12.IDyvEi7"`